A vulnerability has been found in Microsoft Outlook Express that could be exploited by a malicious user to compromise a vulnerable system.
The flaw, caused by a boundary error in the parsing of Windows Address Book (.wab) files, can be exploited to cause a heap overflow and execute arbitrary code if a specially crafted .wab file is opened.
Solution
========
Apply the relevant patches:
Outlook Express 6 on Windows Server 2003 and Windows Server 2003 SP1:
http://www.microsoft.com/downloads/details.aspx?FamilyId=484DE679-5505-4196-BDD8-F7CF325AF0F5
Outlook Express 6 on Windows Server 2003 x64 Edition:
http://www.microsoft.com/downloads/details.aspx?FamilyId=A7B10D8F-D9D7-4423-AA6D-C1C41D23794E
Outlook Express 6 on Windows Server 2003 and Windows Server 2003 with SP1:
http://www.microsoft.com/downloads/details.aspx?familyid=800BF687-BEE5-478F-A025-43CD16682F31
Outlook Express 6 on Windows XP SP2:
http://www.microsoft.com/downloads/details.aspx?FamilyId=0DD827BC-6FA1-405A-933E-FB422A4E8096
Outlook Express 6 on Windows XP Professional x64 Edition:
http://www.microsoft.com/downloads/details.aspx?familyid=FF772C0B-6F98-449D-B02E-C9C236068172
Outlook Express 6 SP1 on Windows XP SP1 or Windows 2000 SP4:
http://www.microsoft.com/downloads/details.aspx?FamilyId=CDA93501-99CB-4F28-BB73-6438CAD081DB
Outlook Express 5.5 SP2 on Windows 2000 SP4:
http://www.microsoft.com/downloads/details.aspx?FamilyId=E61A3D64-14FD-4976-BB03-C31CA6EE61E2
References
========
http://www.microsoft.com/technet/security/Bulletin/MS06-016.mspx
http://www.zerodayinitiative.com/advisories/ZDI-06-007.html
http://secunia.com/advisories/19617/
Source: http://www.zone-h.it/advisories/read/id=1321